Manualshelf

HP-UX 11i June 2002 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU
919293949596979899100
HP-UX 11i Operating Environment Applications
HP-UX 11i Operating Environment
Chapter 6
100
The PAM Kerberos module is compliant with IETF RFC 1510 and Open Group RFC 86.
PAM Kerberos is also available under the product number J5849AA on the Applications
Software CD. This product provides a libpam_krb5.1 library, a pam_krb5 (1) manpage,
and a release note document.
Installation Requirements
The minimum disk space required to install the product is 1MB. Additional disk space of
about 1KB per user in the system /tmp file is required to store initial Ticket Granting
Tickets in the credential cache file.
Impact
HP-UX PAM Kerberos is implemented under the PAM framework, which allows new
authentication service modules to be plugged in and made available without modifying
the application or rebooting the system.
PAM Kerberos works on HP 9000 servers and workstations with a minimum of 32MB of
memory and sufficient swap space (a minimum of 50MB is recommended).
NOTE PAM Kerberos is not thread safe.
Coexistence Issues
PAM Kerberos (libpam_krb5.1) and PAM DCE (libpam_dce.1) plug-in modules can not
be stacked together in the pam.conf file because of different principal styles and
credential file paths. If so stacked, the results will be unpredictable.
The Kerberos system ftp service may list the /etc/issue file before the expected
output. The sis (5) manpage provides detailed information. If the password has expired
on a Microsoft Windows 2000 KDC, you will be asked for a new password but will not be
allowed to log in. This is a known problem in Windows 2000.
When changing passwords on a MIT KDC with a version prior to 1.1, up to 45 seconds
may elapse before the password is actually changed due to the selection mechanism of
the change password protocol.
Documentation
The following documentation is available:
The newly created manpage for pam_kerberos is available at
/usr/share/man/man5.Z/pam_krb5.5.
The white paper, Network Security Features of HP-UX 11i, is available at
http://www.unix.hp.com/operating/hpux11i/infolibrary/.
The PAM Kerberos Release Notes for HP-UX 11i is available at
http://docs.hp.com.